Commit 65a82e11 authored Aug 20, 2024 by Christophe Leroy Committed by Michael Ellerman Aug 30, 2024

powerpc/8xx: Fix kernel vs user address comparison



Since commit 9132a2e8 ("powerpc/8xx: Define a MODULE area below
kernel text"), module exec space is below PAGE_OFFSET so not only
space above PAGE_OFFSET, but space above TASK_SIZE need to be seen
as kernel space.

Until now the problem went undetected because by default TASK_SIZE
is 0x8000000 which means address space is determined by just
checking upper address bit. But when TASK_SIZE is over 0x80000000,
PAGE_OFFSET is used for comparison, leading to thinking module
addresses are part of user space.

Fix it by using TASK_SIZE instead of PAGE_OFFSET for address
comparison.

Fixes: 9132a2e8 ("powerpc/8xx: Define a MODULE area below kernel text")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/3f574c9845ff0a023b46cb4f38d2c45aecd769bd.1724173828.git.christophe.leroy@csgroup.eu

parent f9f2bff6

arch/powerpc/kernel/head_8xx.S

+3 −3

Original line number	Diff line number	Diff line
		@@ -41,12 +41,12 @@
		#include "head_32.h"

		.macro compare_to_kernel_boundary scratch, addr
		#if CONFIG_TASK_SIZE <= 0x80000000 && CONFIG_PAGE_OFFSET >= 0x80000000
		#if CONFIG_TASK_SIZE <= 0x80000000 && MODULES_VADDR >= 0x80000000
		/* By simply checking Address >= 0x80000000, we know if its a kernel address */
		not. \scratch, \addr
		#else
		rlwinm \scratch, \addr, 16, 0xfff8
		cmpli cr0, \scratch, PAGE_OFFSET@h
		cmpli cr0, \scratch, TASK_SIZE@h
		#endif
		.endm

		@@ -404,7 +404,7 @@ FixupDAR:/* Entry point for dcbx workaround. */
		mfspr r10, SPRN_SRR0
		mtspr SPRN_MD_EPN, r10
		rlwinm r11, r10, 16, 0xfff8
		cmpli cr1, r11, PAGE_OFFSET@h
		cmpli cr1, r11, TASK_SIZE@h
		mfspr r11, SPRN_M_TWB /* Get level 1 table */
		blt+ cr1, 3f